dark web

In 2022, cybercrime seems like everyday news. And in a way, it literally is. Simply search “data breach,” and you’ll find a wealth of businesses across the country dealing with the fallout of cybercrime. Businesses large and small fall victim to these attacks every day, putting more and more people’s personal information in jeopardy. And for consumers, your information leaking isn’t something you have to worry about for a few weeks, then move on. Because of the unique way personal data is stolen and sold, victims of data breaches have to keep an eye on their social media and bank accounts for years.

On the business side, you’ve likely heard the horror stories of businesses losing millions of Social Security Numbers, or even having confidential documents leaked. From retail stores like Target to digital forums like Facebook, businesses from every industry have fallen victim to cybercrime. Unfortunately, this digital devilry has only become more prevalent. 2021 was the worst year on record for businesses and consumers, with nearly 6 billion accounts breached by cybercriminals^[1]. There’s a decent chance even some of your personal information has been leaked without your knowledge. But if nearly 6 billion accounts across the Internet have been compromised, well, where is that information?

Where Does Your Personal Data Go?

When a data breach is reported, the most reported statistic is the number of accounts affected. Data breaches can have anywhere from a few victims, all the way up to 3 billion. When news of a breach breaks, reporters like saying that consumer data has been “leaked” or “published.” However, a more accurate term to describe a breach is that consumer data has been “auctioned off.” This is because the perpetrators of cyberattacks rarely use the data that they just stole. Rather, they simply sell your information to a multitude of low-level digital scammers, who try to make their money through simple phishing scams and the like, rather than complex cyberattacks.

Of course, stolen data can’t be sold on traditional commerce websites. And any public website that tried to sell the data would be taken down quickly for distributing a stolen good. After all, you can’t really Google “stolen data near me” and find what cybercriminals looking for. So, once all that data is stolen, where does it go on sale? On a section of the Internet few know about, and even fewer have visited: the Dark Web.

The Dark Web is a “layer” of the Internet that can only be accessed through special software. Estimated to be almost 500 times larger than the standard web, the Dark Web is a hub for cybercriminals and their illegal activities^[2]. After a data breach, the hackers will typically post about their haul on a Dark Web forum and offer the data to other users for a specific price. Depending on the price and quality of the stolen data, there could be anywhere from a few to hundreds of buyers. Even just hours after a data breach, your personal information could be in the hands of dozens of scammers all across the globe.

How Valuable is My Personal Data?

Not all data breaches are created equal, and not all information is equal either. Think about it: If you were a cybercriminal, would you want three million Twitter usernames and passwords, or one million credit card numbers? Considering Twitter logins are worth just USD $35, and credit card numbers are worth up to $240, most would choose the credit card numbers^[3]. Some pieces of information are simply more valuable than others, and cybercriminals know this. That’s why, when a data breach occurs, measuring the impact solely on the number of affected accounts is inaccurate. A leaked Facebook password could cause headaches, but besides a few spam posts, it probably won’t affect your life too much. A leaked passport number, however, could lead to something as serious as identity theft.

This showcases how stolen data itself isn’t particularly valuable, and is only valuable if you know what to do with it. After all, if you hand a random passerby your Social Security Number, it’s unlikely they’ll know how to steal your identity. Unfortunately, these Dark Web cybercriminals have all the knowledge they need to cause chaos in victims’ lives. Even information as simple as phone numbers and corresponding names can be a cash cow for scammers. The disparity in value between pieces of information highlights just how wide-ranging the damage from a data breach can be. So next time there’s a major data breach in the news, don’t just look at the number of accounts affected to judge the severity. Look at what was stolen to truly determine how damaging a cyberattack is.

What About Stolen Documents?

Of course, personal information isn’t the only data that is put at risk during a cyberattack. If cybercriminals target a business, law firm, or government agency, confidential documents could be leaked as well, especially in ransomware attacks. The problem, however, is that this confidential information simply isn’t valuable to cybercriminals. Therefore, when these documents are stolen, cybercriminals often demand a ransom and threaten to publish the confidential information unless it’s paid. For businesses that suffer this type of attack, they typically only have two choices: Pay the ransom, or face a public relations (or even legal) nightmare.

However, not all cyberattacks are typical. Some cybercriminals couldn’t care less about the money, and only seek to embarrass specific businesses. In one case, a Swiss hacker published confidential data from dozens of companies and government agencies as a protest against mass surveillance^[4]. For these companies and agencies, once the hacker gets the data, it’s gone, regardless of the ability to pay a ransom. This highlights how no two cyberattacks are exactly the same. Although most hackers are in it for the money, some simply seek to make a statement, regardless of the financial consequences. That’s why, when it comes to cybersecurity, it’s important to be prepared for anything and everything.

Protect Yourself from Cybercrime

Ultimately, the best way to protect yourself from cybercrime is to prepare. Thankfully, there are simple, inexpensive ways to greatly minimize the risk of a cyberattack on you or your employer. First, encryption is everything when it comes to cybersecurity. Encryption is like splitting your files into thousands of different puzzle pieces, so even if hackers got into your network, your documents are completely illegible to the attackers. Next, updating your security software is the easiest way to mitigate risk. Cybercriminals are always on the lookout for security holes, and those holes are much more prevalent in older versions of software. Keeping your software up-to-date could be the difference between safety, and one of the worst cyberattacks in history. Just ask Equifax.

Finally, one of the best ways to consistently prevent cyberattacks is to encourage a culture of security. This means educating all employees on the risks of cybercrime and how to minimize those risks. From teaching employees how to spot phishing emails to creating an incident response plan, simply prioritizing cybersecurity before a breach is one of the best ways to prevent cybercrime. Prioritizing cybersecurity doesn’t have to be expensive or time-consuming, but it’s the key to protecting your most valuable documents and data.

About AXEL

If you and your business are ready to prioritize cybersecurity, AXEL Go is the solution for you. AXEL Go uses military-grade encryption, blockchain technology, and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. At AXEL, we believe that privacy is a human right and that your information deserves the best protection. To try the most secure file-sharing app for PC and mobile devices, get two free weeks of AXEL Go here.

^[1] Mello, John P. “Data Breaches Affected Nearly 6 Billion Accounts in 2021.” TechNewsWorld, January 18, 2022. https://www.technewsworld.com/story/data-breaches-affected-nearly-6-billion-accounts-in-2021-87392.html

^[2] “After the Data Breach – What Happens to Your Data?” BlackFog, May 6, 2021. https://www.blackfog.com/after-the-data-breach-what-happens-to-your-data/

^[3] Sen, Ravi. “Here’s How Much Your Personal Information Is Worth to Cybercriminals – and What They Do with It.” PBS. Public Broadcasting Service, May 14, 2021. https://www.pbs.org/newshour/science/heres-how-much-your-personal-information-is-worth-to-cybercriminals-and-what-they-do-with-it

^[4] “U.S. Charges Swiss ‘Hacktivist’ for Data Theft and Leaks.” NBCNews.com. NBCUniversal News Group, March 19, 2021. https://www.nbcnews.com/tech/security/us-charges-swiss-hacktivist-data-theft-leaks-rcna448

Cybersecurity is a buzzy topic these days. Everyone seems to be clamoring for tips on how to stay safe online, and you read in a listicle somewhere that cybersecurity is currently one of the fastest growing fields. So how can you get a piece of the respect and professional prestige that a cybersecurity expert might have? Simply follow these tips.

Warn people about social media

Inform people that by posting photos of their brunch on social media, they are giving hackers and state actors the tools necessary to take you down.

But actually, that’s too specific and information-y to remember, and it’s kind of a downer. Make your warnings vague, as in, “that Facebook is up to no good!” or “be careful about Twitter!” This way, when the next terrible Facebook or Twitter thing happens, people will recognize your prescience.

Bring encryption up often

Now, you may not know what encryption is, and I certainly don’t, but what we do know is that it’s somehow important to cybersecurity experts. Talk about it a lot, and if you encounter someone whose knowledge on encryption is more advanced than yours, simply run away.

Make a big deal out of the dark web

Studies have shown that people love hearing about the dark web. Take advantage of this fact to improve your social standing by making a huge honkin’ deal out of the dark web whenever you can.

If you see someone holding a credit card, mention that there’s lots of stolen credit card information on the dark web. This will confuse them into thinking you can help them keep their credit card information off the dark web.

Extra points if you can explain to people what TOR stands for. But if someone actually asks you how it works, this is again the moment to simply run away.

Loudly proclaim that quantum computing is the future of cybersecurity

This is certainly true. Don’t ask me why.

If someone asks you to elaborate on your claims, run away.

Chant “identity, not perimeter” to anyone in your general vicinity

The idea here is that perimeter security, or the mighty firewall as some call it, will be overtaken by identity and access management security, which allows for more granular permissions to be set, and ensures that even if someone does breach the firewall, they won’t have access to everything.

But that’s sort of a long thing to remember, so just remember the chant. If anyone asks questions about the chant, tell them to stop interrupting the chant.

Start a group chat to share cybersecurity articles you don’t understand

You’re not legit until you’re sharing articles saying common facts that we all know about like “phishing is a thing,” and “hackers have our data.”

To solidify your standing as a thought leader, however, you need to take it one step further. Sharing articles about concepts you don’t understand will allow you to rise to the top of the cybersecurity fake expert field. Look for a title like “why you NEED quantum encryption TOR identity blockchain security NOW.” If someone asks you what that means, tell them it’s too late for them if they don’t know.